Branch information

Recent revisions

debian/ecryptfs-utils.postinst: Fix any unencrypted GPT swap partitions
that have mistakenly remained marked as auto mount. This should only
modify the swap partitions on systems that ecryptfs-setup-swap has been
used on. (LP: #1447282, LP: #1597154)

tests/kernel/lp-872905.sh: Adjust the test to account for upstream kernel
changes that were preventing the test from cleaning up after itself. The kernel
had a change of behavior where mounts that are configured to use encrypted
filenames will not be able to successfully lookup lower files with plaintext
filenames. This change caused the lower filler file, which was being created
directly in the lower filesystem, to not be removed during the test cleanup and
all of the following tests to fail since the lower filesystem remained full.

The upstream kernel commit mentioned above is:

88ae4ab ecryptfs_lookup(): try either only encrypted or plaintext name

src/utils/ecryptfs-setup-swap: Prevent unencrypted swap partitions from
being automatically enabled by systemd. This bug affected GPT partitioned
NVMe/MMC drives and resulted in the swap partition being used without
encryption. It also resulted in a usability issue in that users were
erroneously prompted to enter a pass-phrase to unlock their swap partition
at boot. (LP: #1597154)

* src/utils/ecryptfs-setup-private: LP: #1328689
- fix a long standing bug, where setting up an encrypted private,
encrypted home, or migrating to an encrypted home did not work
correctly over ssh sessions
- the root cause of the bug is some complexity in the handling of
user keyrings and session keyrings
- the long term solution would be to correctly use session keyrings
- the short term solution is to continue linking user and session
keyrings